Academic Account Security – A Checklist for Developers, Students, and Teachers

The education sector faces cyberattacks no less than other areas. Over the past 2 years, 60% of educational institutions in the USA were affected by ransomware attacks. Microsoft also established that 8 out of 10 registered cyberattacks took place in educational institutions.

The post-pandemic shift to remote and hybrid learning has become the norm, and this has inevitably attracted the attention of attackers. At the same time, thousands of personal devices (smartphones, tablets) are often connected to the university network and, simultaneously, to the global network.

This inevitably leads to vulnerabilities in the university’s IT infrastructure. Once inside it, intruders can:

  • get access to the financial systems in order to withdraw funds from accounts;
  • disrupt the availability of the platform in order to demand payment for its restoration;
  • gain access to educational materials in order to resell them on the black market at a lower price;
  • obtain confidential information: thousands of documents, passports, student cards, telephone numbers, addresses and other data can fall into the wrong hands and be used for resale, issuing forged documents or taking out loans;
  • gain access to the personal data in students’ accounts over an unsecured network; these accounts can be linked to mail and social networks and so facilitate access to other data, for example, payment information;
  • infect devices with viruses for the purpose of extortion.

Steps to improve security

Knowledge in the field of cybersecurity is becoming increasingly important, especially in the academic field, where databases with sensitive information are stored. Therefore, as cyber security experts, we recommend developing a list of rules that will help increase protection.

Basic recommendations for developers of web applications for academies

  • Regularly conduct a security audit of your platform (a reliable, verified agency can be engaged for this) to identify vulnerabilities and remediate them in a timely manner;
  • use secure cloud services in order to be able to protect against DDoS attacks and reduce the cost of data storage in the presence of constantly growing traffic;
  • install software (such as Gluu) to identify users and control user access to the system based on their role (administrator or user);
  • store all versions of the software product on alternative media (in the same cloud) to be able to quickly restore data even if hackers try to destroy it;
  • train and retrain employees to keep abreast of the latest trends in information security;
  • use advanced technologies to protect your users’ accounts, in particular two-factor authentication: secure accounts with OTP passwords, an electronic digital signature, a fingerprint or security keys that prevent phishing attacks;
  • develop a security policy in your educational institution for each role and introduce it to everyone involved: administrators, teachers, students.

Basic recommendations for students and teachers

  • Always use the most complex passwords possible and change them more often to prevent attackers from guessing them;
  • connect two-factor authentication to your account, if your platform offers this option;
  • try not to use public Wi-Fi networks, or at least connect via VPN if you need to make payments, and remember to log out of accounts after visiting them;
  • store passwords in a safe place to prevent them from being stolen;
  • create separate mailboxes for personal mail and for use in your educational institution, so that an attacker cannot get more important personal information if access to work email is lost;
  • carefully check the addresses of links in the newsletters sent to you and do not enter passwords or bank card details on suspicious sites;
  • read instructions, undergo training and follow safety recommendations, if such are offered by the administration;
  • use security keys to reliably protect against phishing and/or not worry about where to store passwords.

Benefits of security keys:

  • opening accounts with keys is easy and convenient; it is similar to how you open an apartment or a personal car;
  • no one will be able to open the account without the physical key, so even if the password is guessed, stolen or entered by you on a phishing site, the fraudster will still not be able to access your account;
  • hardware keys come in different form factors (for example YubiKey keys, made by an American manufacturer), so they can easily be matched to any device;
  • YubiKeys do not require drivers to be downloaded and “work right out of the box”.

You can read more about security keys in our review.

Which security keys are better to use

As security experts with 30 years of experience and as an official distributor of the American company Yubico, we recommend two main product lines from the list for all educational institutions:

  • YubiKey FIPS — keys for administrators or managers who manage the accounts of other participants and have access to critical information;
  • YubiKey Security Key — the cheapest series, with a minimal set of features, affordable for both teachers and students who do not yet have an income.

For IT academies that require the use of more expensive and complex equipment, we recommend the keys of the YubiKey 5 and YubiKey Bio series. The former have more features and a choice of form factors for whatever devices you use. The latter have additional protection with a fingerprint sensor.

If you are interested in purchasing keys, but have not decided on the models and need advice, call +38(044)-35-31-999 or send an application from this page.